1. Create a service check and then tie that to your requirement/role.
2. Is your certificate self-signed? If so, you will have to make sure that the certificate is also in the Certificate Stores on your client machines to avoid the warning message. An easier way would be to get a certificate from a third party which already has its roots in the client machines (like Verisign or GoDaddy, etc.).
3. Depends on your setup. In OOB you can't do that right now. In IB you might be able to.
You can check for more than one AV. Ensure that you have the AV rules defined, and in your requirement setup, choose both the AV rules, and select "Any rule". This way if they have either one or the other, your AV requirement will pass.
As for the other question, you can have the users from OOB setups removed from the Online Users List. Check the port profile and select the appropriate options for that. In an IB setup, you can use the heartbeat timers to log them off. In either instance, they would still remain in the Certified Device List, but would be asked for posture when they reconnect. CDLs only get cleared manually or by defining timers to clear them periodically.